====== Configure Firewall Settings Using Firewall-config Firewall-cmd Or Iptables ======

**General Information**

firewalld is a new zone-based firewall in RHEL 7. It replaces the iptables service.

----

===== Firewall Stack =====

  * firewall-config => GUI frontend for firewalld
  * firewall-cmd => Command-line frontend for firewalld
  * firewalld => Daemon that interacts with the Linux kernel's packet filter, Netfilter
    * cannot be used at the same time as iptables
  * iptables => Interacts with the Linux kernel's packet filter, Netfilter
    * cannot be used at the same time as firewalld

----

===== Firewalld (firewall-cmd, firewall-config) =====

Install and start the firewall packages (included by default on a base install, not on a minimal install)
  yum install firewalld firewall-config
  systemctl start firewalld
  systemctl enable firewalld
\\
View zone names
  firewall-cmd --get-zones
\\
View default zone
  firewall-cmd --get-default-zone
  * Zone "public" applies to all interfaces (the catch-all)
\\
View current rules (default zone)
  firewall-cmd --list-all
\\
View rules for a specific zone
  firewall-cmd --zone=home --list-all
\\
View rules for all zones
  firewall-cmd --list-all-zones
\\
Add a source IP network to the home zone (runtime change)
  firewall-cmd --zone=home --add-source=192.168.1.0/24
  * Runtime (non-persistent) changes take effect instantly, but don't survive a reload or reboot
\\
Permanent change (survives a firewall reload or system reboot)
  firewall-cmd --zone=home --permanent --add-source=192.168.1.0/24
  firewall-cmd --reload
  * Permanent changes do not take effect until a firewall-cmd --reload
\\
Allow HTTP on the default zone (instant change and also permanent)
  firewall-cmd --add-port=80/tcp
  firewall-cmd --permanent --add-port=80/tcp
\\
Launch the GUI, firewall-config
  firewall-config

----

===== iptables =====

You can use iptables, but it is recommended to use firewall-cmd instead. Using iptables requires disabling firewalld, installing iptables-services, and then enabling the iptables service.

----
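The split between runtime and permanent changes described in the Firewalld section means the two configurations can silently diverge: a port opened only at runtime disappears on reload, and a permanent rule stays inactive until a reload. The script below is an added example, not part of the original page; it reports that drift, and its function names (only_in, drift_report, check_zone, sample_drift) and sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report drift between
# firewalld's runtime and permanent configuration for one zone.

# only_in A B: print tokens of list A that are absent from list B.
only_in() (
    set -f                      # treat list tokens literally, no globbing
    for a in $1; do
        found=0
        for b in $2; do
            if [ "$a" = "$b" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then echo "$a"; fi
    done
)

# drift_report KIND RUNTIME_LIST PERMANENT_LIST
drift_report() (
    set -f
    for item in $(only_in "$2" "$3"); do
        echo "$1 $item: runtime only, lost on reload/reboot"
    done
    for item in $(only_in "$3" "$2"); do
        echo "$1 $item: permanent only, inactive until firewall-cmd --reload"
    done
)

# check_zone ZONE: compare both views on a live system.
check_zone() {
    for what in ports sources services; do
        drift_report "$what" \
            "$(firewall-cmd --zone="$1" --list-"$what")" \
            "$(firewall-cmd --zone="$1" --permanent --list-"$what")"
    done
}

# Constructed sample lists, in the space-separated form firewall-cmd prints.
sample_drift() {
    drift_report ports "80/tcp 443/tcp" "443/tcp 8080/tcp"
    drift_report sources "192.168.1.0/24" "192.168.1.0/24"
}

if [ "$#" -gt 0 ]; then check_zone "$1"; else sample_drift; fi
```

Run it with a zone name such as home as the first argument to compare the live runtime and permanent lists; with no argument it only processes the constructed sample.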